Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1OWotNWc5di0zZnBx
Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor
The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process.
Permalink: https://github.com/advisories/GHSA-959j-5g9v-3fpqJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1OWotNWc5di0zZnBx
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 7 years ago
Updated: over 1 year ago
EPSS Percentage: 0.00046
EPSS Percentile: 0.19021
Identifiers: GHSA-959j-5g9v-3fpq, CVE-2014-1234
References:
- https://nvd.nist.gov/vuln/detail/CVE-2014-1234
- http://openwall.com/lists/oss-security/2014/01/08/2
- http://www.vapid.dhs.org/advisories/paratrooper-newrelic-api.html
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/paratrooper-newrelic/CVE-2014-1234.yml
- https://github.com/advisories/GHSA-959j-5g9v-3fpq
Affected Packages
rubygems:paratrooper-newrelic
Dependent packages: 0Dependent repositories: 0
Downloads: 4,408 total
Affected Version Ranges: <= 1.0.1
No known fixed version
All affected versions: 1.0.1